Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-15 | CVE-2005-4243 | Input Validation vulnerability in Quickpaypro 3.1 Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) popupid parameter in popups.edit.php; (2) so, (3) sb, and (4) nr parameters in customer.tickets.view.php; (5) subrackingid parameter in subscribers.tracking.edit.php; (6) delete parameter in design.php; (7) trackingid parameter in tracking.details.php; and (8) customerid parameter in sales.view.php. | 7.5 |
| 2005-12-14 | CVE-2005-1928 | Resource Management Errors vulnerability in Trend Micro Serverprotect Earthagent 5.58 Trend Micro ServerProtect EarthAgent for Windows Management Console 5.58 and possibly earlier versions, when running with Trend Micro Control Manager 2.5 and 3.0, and Damage Cleanup Server 1.1, allows remote attackers to cause a denial of service (CPU consumption) via a flood of crafted packets with a certain "magic value" to port 5005, which also leads to a memory leak. | 7.8 |
| 2005-12-14 | CVE-2005-1929 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trend Micro Serverprotect Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. | 7.5 |
| 2005-12-14 | CVE-2005-3360 | Products Local Insecure Permissions vulnerability in Trend Micro Pc-Cillin 2005 12.00Build1244 The installation of Trend Micro PC-Cillin Internet Security 2005 12.00 build 1244, and probably previous versions, uses insecure default ACLs, which allows local users to cause a denial of service (disabled service) and gain system privileges by modifying or moving critical program files. | 7.2 |
| 2005-12-14 | CVE-2005-4251 | Input Validation vulnerability in Mcgallery PRO 1.0/1.1/2.2 Multiple SQL injection vulnerabilities in mcGallery PRO 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) start, and (3) rand parameters to show.php, and the (4) album parameter to index.php. | 7.5 |
| 2005-12-14 | CVE-2005-4246 | SQL Injection vulnerability in Plogger SQL injection vulnerability in Plogger Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php and (2) page parameter. | 7.5 |
| 2005-12-14 | CVE-2005-4244 | SQL Injection vulnerability in Snipegallery Snipe Gallery SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) gallery_id parameter to view.php and (2) image_id parameter to image.php. | 7.5 |
| 2005-12-14 | CVE-2005-4240 | Input Validation vulnerability in VCD-DB SQL injection vulnerability in search.php in VCD-db 0.98 and earlier allows remote attackers to execute arbitrary SQL commands via the by parameter. | 7.5 |
| 2005-12-14 | CVE-2005-4234 | SQL Injection vulnerability in EncapsGallery Gallery.PHP SQL injection vulnerability in gallery.php in EncapsGallery 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2005-12-14 | CVE-2005-4233 | SQL Injection vulnerability in PHP Web Scripts Ad Manager Pro Advertiser_statistic.PHP SQL injection vulnerability in advertiser_statistic.php in Ad Manager Pro 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ad_number parameter. | 7.5 |